Assuming what Jim is saying is correct and all the password authentication is done client side, I reckon you should rewrite the system and place it on the server side i.e. in something like a php script. As if the workings of you security are on public view (like client side code is) some smart arse will work it out!